(19) 



J 



Europaisches Patentamt 
European Pat nt Office 
Office europeen des brevets 



(12) 



01) EP 0 851 335 B1 

EUROPEAN PATENT SPECIFICATION 



(45) Date of publication and mention 
of the grant of the patent: 
29.10.2003 Bulletin 2003/44 

(21) Application number: 97310653.7 

(22) Date of filing: 30.12.1997 



(51) IntCI. 7 : G06F 1/00 



(54) Secure two-piece user authentication in a computer network 

Gesicherte zweiteilige Benutzer-Authentifizierung in einem Rechnernetz 
Authentification en deux pieces securisee d'un utilisateur dans un reseau d'ordinateurs 



OQ 
m 

CO 
CO 



oo 



Q- 
LU 



(84) Designated Contracting States: 
DEFR GB 

(30) Priority: 31.12.1996 US 774809 

(43) Date of publication of application: 
01.07.1998 Bulletin 1998/27 

(73) Proprietor: Compaq Computer Corporation 
Houston Texas 77070 (US) 

(72) Inventors: 

• Angelo, Michael F. 
Houston, Texas 77068 (US) 

• Olarig, Sompong P. 
Cypress, Texas 77429 (US) 



(74) Representative: Brunner, Michael John et al 
GILL JENNINGS & EVERY, 
Broadgate House, 
7 Eldon Street 
London EC2M 7LH (GB) 



(56) References cited: 
US-A- 5 146 499 
US-A- 5 497 421 



US-A-5 237 614 
US-A- 5 548 721 



"JEWELRY FOR THE INFORMATION AGE" 
ELECTRONICS, vol. 244, no. 17, 18 September 
1995, page 49 XP000535371 



Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give 
notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in 
a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 
99(1) European Patent Convention). 



Printed by Jouve, 75001 PARIS <FR) 



1 



EP 0 851 335 B1 



2 



Description 

[0001] The invention relates to security in a computer 
system, and more particularly to using a cryptographic 
token to provide two-piece user authentication in a com- 5 
puter network. 

[0002] Today's businesses invest large amounts of 
money in hardware and software, and even more money 
is spent developing information contained in data files 
such as text documents and spreadsheets. Protecting 10 
such investments can be critical to the success and rep- 
utation of a business. Public accounts of the exploits of 
computer "hackers" - as malicious code-breakers or 
eavesdroppers are sometimes called - have therefore 
focussed and magnified corporate desires for secure is 
communications and better methods of protecting data. 
The scope of the problem is undoubtedly even more se- 
rious than reported, given the reluctance of many busi- 
nesses to report security breaches. As a result, security 
conscious users are requesting that security and integ- 20 
rity features be incorporated into their computer net- 
works to restrict access to data contained on hard 
drives, as well as information contained in other critical 
network components. 

[0003] One known approach to security involves en- 25 
cryption or cryptography. Cryptography is typically used 
to protect both data and communications. Generally, an 
original message or data item is referred to as "plain 
text", while "encryption" denotes the process of disguis- 
ing or altering a message in such a way that its sub- 30 
stance is not readily discernable. An encrypted mes- 
sage is called "ciphertext". Ciphertext is returned to plain 
text by an inverse operation referred to as "decryption". 
Encryption is typically accomplished through the use of 
a cryptographic algorithm, which is essentially a math- 35 
ematical function. The most common cryptographic al- 
gorithms are key-based, where special knowledge of 
variable information called a "key" is required to decrypt 
ciphertext. There are many types of key-based crypto- 
graphic algorithms, providing varying levels of security. 40 
[0004] The two most prevalent cryptographic algo- 
rithms are generally referred to as "symmetric" (also 
called secret key or single key algorithms) and "public 
key" (also called asymmetric algorithms), The security 
in these algorithms is entered around the keys ~ not the 45 
details of the algorithm itself. This makes it possible to 
publish the algorithm for public scrutiny and then mass 
produce it for incorporation into security products. 
[0005] In most symmetric algorithms, the encryption 
key and the decryption key are the same. This single 50 
key encryption arrangement is not flaw-free. The sender 
and recipient of a message must somehow exchange 
information regarding the secret key. Each side must 
trust the other not to disclose the key. Further, the send- 
er must generally communicate the key via another me- 55 
dia (similar to a bank sending the personal identification 
number for an ATM card through the mail). This arrange- 
ment is not practical when, for example, the parties in- 



teract electronically for the first time over a network. The 
number of keys also increases rapidly as the number of 
users increases. 

[0006] With public key algorithms, by comparison, the 
key used for encryption is different from the key used 
for decryption. It is generally very difficult to calculate 
the decryption key from an encryption key. In typical op- 
eration, the "public key" used for encryption is made 
public via a readily accessible directory, while the cor- 
responding "private key" used for decryption is known 
only to the recipient of the ciphertext. In an exemplary 
public key transaction, a sender retrieves the recipient's 
public key and uses it to encrypt the message prior to 
sending it. The recipient then decrypts the message with 
the corresponding private key. It is also possible to en- 
crypt a message using a private key and decrypt it using 
a public key. This is sometimes used in digital signatures 
to authenticate the source of a message. 
[0007] One problem with public key algorithms is 
speed. Public key algorithms are typically on the order 
of 1,000 times slower than symmetric algorithms. This 
is one reason that secure communications are often im- 
plemented using a hybrid cryptosystem. In such a sys- 
tem, one party encrypts a random "session key" with the 
other party's public key. The receiving party recovers the 
session key by decrypting it with his/her private key. All 
further communications are encrypted using the same 
session key (which effectively is a secret key) and a 
symmetric algorithm. 

[0008] The number of cryptographic algorithms is 
constantly growing. The two most popular are DES (Da- 
ta Encryption Standard) and RSA (named after its in- 
ventors -Rivest, Shamir, and Adleman). DES is a sym- 
metric algorithm with a fixed key length of 56 bits. RSA 
is a public key algorithm that can be used for both en- 
cryption and digital signatures. DSA (Digital Signature 
Algorithm) is another popular public key algorithm that 
is only used for digital signatures. With any ofthese al- 
gorithms, the relative difficulty of breaking an encrypted 
message by guessing a key with a brute force attack is 
proportional to the length of the key. For example, if the 
key is 40 bits long, the total number of possible keys 
(2 40 ) is about 1 1 0 billion. Given the computational power 
of modern computers, this value is often considered in- 
adequate. By comparison, a key length of 56 bits pro- 
vides 65,636 times as many possible values as the 40 
bit key. 

[0009] Much attention has been given to protecting 
and authenticating communications and data as they 
are transmitted via internal corporate networks (intran- 
ets or LANs) and external networks (such as the Inter- 
net). One known method of offering limited access to a 
networked computer is through the use of passwords. 
A password is typically stored in a computer's battery- 
backed CMOS RAM memory. Before the user is allowed 
access to the computer or secured computer resources, 
the user is required to enter a password. Once a pass- 
word is entered, the computer's power-on routine com- 
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pares the password to the password in CMOS memory 
and, if they match, the user is allowed access. A main 
disadvantage of this system is that certain forms of at- 
tack can bypass the CMOS memory because in many 
cases it is not read protected. While generally effective, 5 
password protection is one-piece in nature and is only 
as secure as the password itself. 
[0010] Physical keys or tokens, such as those used 
to unlock a door, have also been used to permit access 
to a computer system. Like the password approach, this 
type of security is "one-piece" in nature, and is compro- 
mised if the key or token is stolen. Anyone possessing 
the key can gain access to the computer network and is 
accorded the same level of access as an authorized us- 
er. Currently, there exists no satisfactory method of ver- 
ifying user identity in granting access privileges in a dis- 
tributed computing environment. 
[0011] US-A-5548721 discloses a method of conduct- 
ing secure operation in an uncontrolled network in which 
authorised users are provided with a persona identifier 
and with a portable, electronically readable card with 
part of a system key thereon. The system key is created 
by a secure network access port at the workstation, and, 
when used in combination with the persona identifier, 
uniquely identifies the user so that the card and identifier 
may be used to conduct secure operations from any 
workstation in the network. 

[0012] US-A-5146499 discloses authentication of a 
smart card utilises a microcomputer provided with an in- 
ternal leader and an electronic circuit linked to the mi- 
crocomputer. The circuit includes a microprocessor ca- 
pable of generating a random factor. 
[0013] Briefly, a computer system according to the 
present invention utilizes a two-piece authentication 
procedure to securely provide user authentication over 
a network. 

[0014] According to the present invention there is pro- 
vided a method for securely authenticating user identity 
in a computer network including a network server cou- 
pled to at least one network node capable of communi- 
cating with an external token that includes a crypto- 
graphic algorithm and an encryption key, the network 
node further incorporating a secure power-up procedure 
or other secure operating mode, the method comprising 
the steps of providing a user password to the network 
node; communicatively coupling the external token to 
the network node; providing the user password to the 
cryptographic algorithm stored in the token; and char- 
acterised by: encrypting the user password with the 
cryptographic algorithm and the encryption key to pro- 
duce a network password; communicating the network 
password to the network server; and comparing the net- 
work password or portions thereof to information main- 
tained by the network server in order to verify user iden- 
tity and/or determine network privileges accorded to the 
network password. 

[0015] The method may further comprise the step of 
enabling or blocking access to a secured network re- 



source in response to the result of said step of compar- 
ing the network password to information maintained by 
the network server and this step may comprise utilizing 
the network password to govern the encryption and de- 
cryption of specified data maintained in the network 
server. 

[0016] The step of providing a user password to the 
network node may be performed while the network node 
is in a secure period of operation which may include a 
secure power-up procedure. 

[0017] Preferably, prior to the step of communicating 
the network password to the network server, the method 
further comprises the step of encrypting the network 
password using a network public key; and following the 
step of communicating the network password to the net- 
work server, decrypting the network password using a 
network private key corresponding to the network public 
key. 

[0018] The method may further comprise the step of 
appending node identification information to the network 
password prior to communicating the network password 
to the network server. 

[0019] Preferably, the step of comparing the network 
password or portions thereof to information maintained 
by the network server includes limiting access to spec- 
ified data based upon the network password and ap- 
pended node identification information. 
[0020] The step of encrypting the user password with 
the cryptographic algorithm and the encryption key may 
occur in the token. 

[0021] The step of providing the user password to the 
cryptographic algorithm may comprise downloading 
both the cryptographic algorithm and the user password 
to secure computer memory, and the step of encrypting 
the user password with the cryptographic algorithm and 
the encryption key may occur in secure computer mem- 
ory. 

[0022] Preferably, the network password is main- 
tained in secure memory space within the network node. 
[0023] The token may be a smart card or a Touch 
Memory™ device. 

[0024] The encryption key may be unique or of limited 
production. 

[0025] Furthermore, according to the present inven- 
tion there is provided a computer system capable of se- 
curely providing two-piece user authentication data over 
a computer network, the computer system having a se- 
cure power-on process or other secure operating mode, 
the computer system comprising: a system bus; a proc- 
essor coupled to said system bus; token interface cir- 
cuitry coupled to said processor for communicating with 
an external token; network interface circuitry allowing 
said processor to direct communications to a network 
server, and characterised by means for operating in con- 
junction with the external token containing a crypto- 
graphic algorithm and an encryption key, and security 
code stored in a processor readable medium compris- 
ing: means for receiving a user password; means for 
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providing the user password to the external token; 
means for receiving a network password from the exter- 
nal token, wherein the network password is an encrypt- 
ed version of the user password; and means for com- 
municating the network password to the network server 
via said network interface circuitry in order to allow the 
computer user to access secured network resources. 
[0026] A better understanding of the present invention 
can be obtained when the following detailed description 
of the preferred embodiment is considered in conjunc- 
tion with the following drawings, in which: 

Figure 1 is a schematic block diagram of a computer 
system incorporating capabilities for two-piece user 
authentication according to the present invention; 
Figure 2 is a schematic block diagram of a local area 
network illustrating secure user authentication and 
remote peripheral access according to the present 
invention; 

Figure 3 is graphical representation of System Man- 
agement Mode memory according to the present in- 
vention; and 

Figures 4A and 4B are flowchart diagrams illustrat- 
ing a two-piece procedure according to the present 
invention for entering password information during 
a secure power-up procedure. 

[0027] The following patents and applications are ref- 
erenced in the text which follows: 

Our US Patent No. 5,537,540, entitled "TRANS- 
PARENT, SECURE COMPUTER VIRUS DETEC- 
TION METHOD AND APPARATUS", is hereinafter 
referred to as the "SAFESTART patent"; 
Our US Patent No. 5,567,615 entitled, "SECURITY 
CONTROL FOR A PERSONAL COMPUTER"; 
Our US Patent No. 5,375,243, entitled "HARD DISK 
PASSWORD SECURITY SYSTEM"; 
Our US Patent No. 5,748,888, entitled "METHOD 
AND APPARATUS FOR PROVIDING SECURE 
AND PRIVATE KEYBOARD COMMUNICATIONS 
IN COMPUTER SYSTEMS"; and 
Our US Patent No. 5,949,882, entitled "A METHOD 
AND APPARATUS FOR ALLOWING ACCESS TO 
SECURED COMPUTER RESOURCES BY UTILIZ- 
ING A PASSWORD AND EXTERNAL ENCRYP- 
TION ALGORITHM". 

[0028] Referring first to Figure 1 , a computer system 
S according to the present invention is shown. In the 
preferred embodiment, the system S incorporates two 
primary buses: a Peripheral Component Interconnect 
(PCI) bus P which includes an address/data portion and 
a control signal portion; and an Industry Standard Archi- 
tecture (ISA) bus I which includes an address portion, a 
data portion, and a control signal portion. The PCI and 
ISA buses P and I form the architectural backbone of 
the computer system S. 



[0029] A CPU/memory subsystem 100 is connected 
to the PCI bus P. The processor 102 is preferably the 
Pentium® processor from Intel Corporation, but could 
be an 80486 or any number of similar or next-generation 

5 processors. The processor 102 drives data, address, 
and control portions 1 1 6, 1 06, and 1 08 of a host bus HB. 
A level 2 (L2) or external cache memory 1 04 is connect- 
ed to the host bus HB to provide additional caching ca- 
pabilities that improve the overall performance of the 

10 computer system S. The L2 cache 104 may be perma- 
nently installed or may be removable if desired. A cache 
and memory controller 110 and a PCI-ISA bridge chip 
130 are connected to the control and address portions 
1 08 and 1 06 of the host bus HB. The cache and memory 

15 controller chip 110 is configured to control a series of 
data buffers 112. The data buffers 1 12 are preferably the 
82433LX from Intel, and are coupled to and drive the 
host data bus 116 and a MD or memory data bus 118 
that is connected to a memory array 114. A memory ad- 

20 dress and memory control signal bus is provided from 
the cache and memory controller 110. 
[0030] The data buffers 112, cache and memory con- 
troller 110, and PCI-ISA bridge 130 are all connected to 
the PCI bus P. The PCI-ISA bridge 1 30 is used to convert 

25 signals between the PCI bus P and the ISA bus I. The 
PCI-ISA bridge 130 includes: the necessary address 
and data buffers, arbitration and bus master control logic 
for the PCI bus P, ISA arbitration circuitry, an ISA bus 
controller as conventionally used in ISA systems, an IDE 

30 (intelligent drive electronics) interface, and a DMA con- 
troller. A hard disk drive 140 is connected to the IDE 
interface of the PCI-ISA bridge 130. Tape drives, 
CD-ROM devices or other peripheral storage devices 
(not shown) can be similarly connected. 

35 [0031] In the disclosed embodiment, the PCI-ISA 
bridge 130 also includes miscellaneous system logic. 
This miscellaneous system logic contains counters and 
activity timers as conventionally present in personal 
computer systems, an interrupt controller for both the 

40 PCI and ISA buses P and I, and power management 
logic. Additionally, the miscellaneous system logic may 
include circuitry for a security management system used 
for password verification and to allow access to protect- 
ed resources as described more fully below. 

45 [0032] The PCI-ISA bridge 1 30 also includes circuitry 
to generate a "soft" SMI (System Management Inter- 
rupt), as well as SMI and keyboard controller interface 
circuitry. The miscellaneous system logic is connected 
to the flash ROM 1 54 through write protection logic 1 64. 

50 Separate enable/interrupt signals are also communicat- 
ed from the PCI-ISA bridge 130 to the hard drive 140. 
Preferably, the PCI-ISA bridge 130 is a single integrated 
circuit, but other combinations are possible. 
[0033] A series of ISA slots 1 34 are connected to the 

55 ISA bus I to receive ISA adapter cards. A series of PCI 
slots 142 are similarly provided on the PCI bus P to re- 
ceive PCI adapter cards. 

[0034] A video controller 1 65 is also connected to the 
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PCI bus P. Video memory 166 is used to store graphics 
data and is connected to the video graphics controller 
165 and a digital/analog converter (RAM D AC) 168. The 
video graphics controller 165 controls the operation of 
the video memory 166, allowing data to be written and 5 
retrieved as required. A monitor connector 169 is con- 
nected to the RAM D AC 168 for connecting a monitor 
170. 

[0035] A network interface controller (NIC) 1 22 is also 
connected to the PCI bus P, allowing the computer sys- 
tem S to function as a "node" on a network. Preferably, 
the controller 122 is a single integrated circuit that in- 
cludes the capabilities necessary to act as a PCI bus 
master and slave, as well as circuitry required to act as 
an Ethernet interface. Attachment Unit Interface (AUI) 
and 10 base-T connectors 124 are provided in the sys- 
tem S, and are connected to the NIC 122 via filter and 
transformer circuitry 126. This circuitry forms a network 
or Ethernet connection for connecting the computer sys- 
tem S to a distributed computer environment or local ar- 
ea network (LAN) as shown in Figure 2. 
[0036] A combination I/O chip 1 36 is connected to the 
ISA bus I. The combination I/O chip 136 preferably in- 
cludes a real time clock, two UARTS, a floppy disk con- 
troller for controlling a floppy disk drive 138, and various 
address decode logic and security logic to control ac- 
cess to an internal or external CMOS/NVRAM memory 
(not shown) and stored password values. Further details 
of contemplated uses of the NVRAM memory are pro- 
vided below. Additionally, a control line is provided to the 
read and write protection logic 1 64 to further control ac- 
cess to the flash ROM 154. Serial port connectors 146 
and parallel port connector 132 are also connected to 
the combination I/O chip 136. 

[0037] An 8042, or keyboard controller, is also includ- 
ed in the combination I/O chip 136. The keyboard con- 
troller is of conventional design and is connected in turn 
to a keyboard connector 158 and a mouse or pointing 
device connector 160. A keyboard 159 is connected to 
the computer system S through the keyboard connector 
158. 

[0038] A buffer 144 is connected to the ISA bus I to 
provide an additional X-bus X for various additional 
components of the computer system S. A flash ROM 
154 receives its control, address and data signals from 
the X-bus X. Preferably, the flash ROM 1 54 contains the 
BIOS information for the computer system and can be 
reprogrammed to allow for revisions of the BIOS. 
[0039] In the disclosed embodiment, the computer 
system S contains circuitry for communicating with a re- 
movable cryptographic token 188. The precise physical 
nature of the token 188 is not considered critical to the 
invention. The token can take many forms, such as a 
Touch Memory™ device supplied by Dallas Semicon- 
ductor, Inc., a smart card, or an encryption card. Prefer- 
ably, the token 188 is easily decoupled from the compu- 
ter system S and easily transportable by the token bear- 
er. The token 188 contains at least one of a variety of 



encryption algorithms (such as DES, Blowfish, elliptic 
curve-based algorithms, etc.). Although the base algo- 
rithm can be the same in each token 188, it is preferable 
that the encryption key be different in each token 188. 
Ideally, the token 188 is capable of communicating dig- 
itally with the computer system S during momentary 
contact with or proximity to the computer system S. The 
token 188 of the disclosed embodiment is capable of 
storing the encryption algorithm in a non-volatile manner 
and can be permanently write-protected to discourage 
tampering. 

[0040] In the disclosed embodiment of the invention, 
the circuitry used for establishing a communication link 
between the token 1 88 and the computer system S con- 
sists of a probe 186 connected to a COM or serial port 
adapter 184. The port adapter 184 is connected to the 
RS232 connector 146. Alternatively, the port adaptor 
184 could interface with an application specific integrat- 
ed circuit (ASIC). In operation, the token 188 is detach- 
ably received by the probe 1 86. The probe 186 includes 
circuitry for reading and writing memory in the token 
188, and can be fully powered through the RS232 con- 
nector 146. In addition, the probe 186 includes presence 
detector circuitry for ascertaining the presence of a to- 
ken 188. 

[0041] An additional feature of the computer system 
S is a System Management Mode (SMM), as discussed 
at length below in conjunction with Figure 3. It is also 
noted that Figure 1 presents an exemplary embodiment 
of the computer system S and it is understood that nu- 
merous other effective embodiments could readily be 
developed as known to those skilled in the art. 
[0042] Referring now to Figure 2, a distributed access 
environment illustrating secure user authentication and 
remote peripheral access according to the present in- 
vention is shown. Two-piece entry of a user password 
at a network node 200 results in a network password 
that is securely distributed to over the network to allow 
access to remote peripherals. In the disclosed embodi- 
ment, the secured remote peripheral takes the form of 
networked hard drives 216, 218 and 220, although ac- 
cess to any secured network resource falls within the 
scope of the invention. 

[0043] The user authentication process occurs simi- 
larly in each network node 200, and the description of 
the process for a single node 200a is provided for sake 
of clarity. In the disclosed embodiment of the invention, 
a password entry process is carried out during a secure 
power-up procedure or other secure mode of operation 
as detailed more specifically in conjunction with Figures 
4A and 4B. During the secure power-up procedure, the 
computer system S checks for the presence of an ex- 
ternal cryptographic token or smart card 188a that is 
used to store an encryption algorithm furnished with a 
unique encryption key and optional identification infor- 
mation. 

[0044] Following detection of the external token 188a, 
the computer user is required to enter a plain text user 
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password. Once entered, the user password is encrypt- 
ed using an encryption algorithm contained in the exter- 
nal token 188a, thereby generating a "network" pass- 
word. Alternatively, the external token 188a can gener- 
ate the network password by performing a one-way 
hash function on the user password. In either case, the 
network password is maintained in a secure memory 
space such as SMM memory 250 (see Figure 3). When 
the user desires to access a network resource such as 
a hard drive in a server 201, the network password is 
appended with an optional session key, the user's public 
key, or node identification information 204a. The node 
identification information can be used for a variety of 
purposes, including limiting access to certain pieces of 
data to specified users on specified machines. The net- 
work password and node information are then encrypt- 
ed by an encryption algorithm 206a. 
[0045] The encryption algorithm 206a can take many 
forms, including all of the aforementioned algorithms. If 
a public key/private key algorithm is used, the network 
server's public key (or any key that is known only to the 
server) is used with encryption algorithm 206a. The dis- 
closed encryption scheme allows the encrypted network 
password to be communicated over an unsecured net- 
work in such a manner that it is only decipherable by the 
targeted network server 201. 

[0046] Following encryption with the server's public 
key, the encrypted network password it communicated 
to the network server 201 via network interface control- 
lers 122a and 122d. The encrypted network password 
is then decrypted (at element 210) with the server's pri- 
vate key to retrieve the network password. After the net- 
work password and any optional session key or node 
identification information has been decrypted, it is for- 
warded to a verification process 212 to determine the 
user's access privileges to hard drives 216, 218, and 
220. 

[0047] The verification process can take many forms, 
including an indexed look-up table in which multiple net- 
work passwords (in conjunction with any node identifi- 
cation information) are granted the same or a variety of 
access privileges. Numerous other uses are contem- 
plated for the network password. For example, the pass- 
word or any appended session keys can be utilized to 
decrypt or encrypt data on one of the hard drives 
216-220 through interface circuitry 214, or as an ena- 
blement signal to a password protected device such as 
the disk drive described in our US-A-5,375,243. 
[0048] A one-way hash function or an encryption al- 
gorithm can also be used to convert the network pass- 
word into a pseudo-random seed (intermediate key). 
The pseudo-random seed could then be used by a de- 
terministic system to generate a public-key/private-key 
key pair. A common cryptographic algorithm used to 
generate such keys is DES, but many other algorithms 
suffice. 

[0049] As mentioned, optional keys such as a session 
key or the user's public key can be appended to the net- 



work password prior to its transmission over the net- 
work. When an appended session key is provided to the 
network server 201, subsequent communications be- 
tween the network node 200a and the network server 
5 201 are encrypted with a symmetric algorithm using the 
session key. Encryption and decryption with symmetric 
algorithms is typically much faster than encryption and 
decryption with public key algorithms. 
[0050] Alternatively, the network password could be 
configured as a subset of a current "super key" by using 
split key technology. Split key technology refers gener- 
ally to the process of "splitting" a master key and distrib- 
uting the portions such that access is contingent upon 
the presence of different portions. For example, the net- 
work server 201 can maintain one piece of the admin- 
istrative super key and require that a valid network pass- 
word (the other portion of the split key) be appended 
before access privileges are granted. The administra- 
tive super key can be broken up in different ways, such 
that multiple network users having different user pass- 
words and unique tokens 188 can access the same se- 
cured network resource. The administrative super key 
can be altered to encompasses additional network 
passwords as the need arises. Further details of split 
key technology can be found in US Patent Nos. 
5,276,737 and 5,315,658 entitled "FAIR CRYPTOSYS- 
TEMS AND METHODS FOR USE". 
[0051] It is also contemplated that the tokens 188 
themselves can incorporate identification information in 
addition to the encryption algorithm, allowing users to 
have different tokens for different activities - much like 
a person having checking and saving accounts that are 
accessible by the same personal identification number 
(PIN). Further, the NIC 122a is capable of appending 
node identification information to the encrypted network 
password. 

[0052] Such uses of the disclosed two-piece user au- 
thentication process permit the server hard drives 
21 6-220 or other network resources to be securely com- 
partmentalized with the option to have multiple user lev- 
els. This arrangement has many potential applications. 
For example, a company might not want certain docu- 
ments to be downloaded outside facility. The invention 
allows access privileges to be limited to specified nodes 
200 within the facility, proving an additional level of se- 
curity. 

The System Management Mode 

[0053] Referring now to Figure 3, certain microproc- 
essors, such as the Pentium® processor from Intel Cor- 
poration, include a mode referred to as System Man- 
agement Mode (SMM), which is entered upon receipt of 
a system management interrupt (SMI). Originally, SMIs 
were power management interrupts devised by Intel 
Corporation for portable systems. Portable computers 
often draw power from batteries which provide a limited 
amount of energy. To maximize battery life, an SMI is 
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typically asserted to turn off or reduce the power to any 
system component that is not currently in use. Although 
originally meant for laptop computers, SMIs have be- 
come popular for desktop and other stationary models 
as well. 

[0054] SMIs are asserted by either an SMI timer, by 
a system request, or by other means. An SMI is a non- 
maskable interrupt having almost the highest priority in 
the system. Only the reset signal R/S* and cache flush 
signal FLUSH*, which can be conceptualized as inter- 
rupts, have a higher priority than the SMI. When an SMI 
is asserted, a microprocessor maps a portion of memory 
referred to as SMM memory 250 into the main memory 
space. The entire CPU state is then saved in the SMM 
memory 250 (in the CPU register dump 260 of Figure 3) 
in stack-like, last in/first out fashion. After the initial proc- 
essor state is saved, the processor 102 begins execut- 
ing an SMI handler routine 252, which is an interrupt 
service routine to perform specific system management 
tasks such as reducing power to specific devices or, as 
in the case of the present invention, providing security 
services. While the routine is executed, other interrupt 
requests are not serviced, and are ignored until the in- 
terrupt routine is completed or the microprocessor is re- 
set. When the SMI handler 252 completes its task, the 
processor state is retrieved from the SMM memory 250, 
and the main program continues. An SMI active signal 
referred to as the SMI ACT* signal is provided by the 
processor to indicate operation in SMM. 
[0055] As mentioned, following assertion of its SMI in- 
put (this is generally an active low signal), the processor 
102 calls the SMI handler 252, which addresses an ad- 
dress space that is separate from ordinary main mem- 
ory. Thereafter, all memory accesses refer only to SMM 
memory 250. Input/output ("I/O") accesses via instruc- 
tions such as IN or OUT are still directed to the normal 
I/O address space, however. One advantageous side- 
effect of the hardwired separate address SMM area is 
that the routines stored in this space cannot be snooped 
by the cache, providing an additional layer of protection. 
[0056] In a typical system management mode imple- 
mentation, it is intended that battery-backed SRAM 
chips be mapped into the address space between 
30000h and 3ffffh by default. External hardware can use 
the SMIACT* signal as a chip select signal and thereby 
address either the SRAM chips (the SMIACT* signal is 
at a logic low level), or the normal main memory (the 
SMIACT* signal is at a logic high level). By using the 
SMIACT* signal, then, SMM memory 250 and normal 
memory can be strictly separated. 
[0057] Referring more specifically to Figure 3, a 
graphical representation of SMM memory 250 as con- 
figured according to the present invention is shown. As 
mentioned above, this address space is addressed by 
the processor 102 following an SMI. Following an SMI, 
the state of the processor 102 is stored in the CPU reg- 
ister dump 260. The SMI handler 252 is then called and 
executed by the processor 102. Importantly, the SMI 



handler 252 can be written such that it performs tasks 
other than power-down operations. An SMI handler 252 
written according to the present invention is able to uti- 
lize the encrypted user password (network password) 

5 254, encryption keys 256, and an encryption algorithm 
258 to securely perform encryption operations that allow 
a user's identity to be verified overa LAN. Because SMM 
memory 250 is only addressable while the computer 
system is in SMM, storing the encrypted user password 

10 254, encryption keys 256 and encryption algorithm 258 
in SMM memory 250 prevents malicious code from 
modifying or reading these sensitive components of the 
disclosed embodiment of the invention. The optional 
32-Kbyte SMM RAM extension 262 can be utilized for 

15 securely performing encryption functions or to store ad- 
ditional encryption keys. 

[0058] Referring now to Figure 4A and 4B, an exem- 
plary power-on sequence incorporating two-piece user 
verification according to the invention is shown. The se- 

20 quence builds upon a secure power-up procedure, such 
as that described in the SAFESTART patent. Briefly, this 
invention reduces the administrative requirements of 
earlier secure power-on techniques. A reserved 
non-DOS hard disk partition is used to pre-bootthe com- 

25 puter system S and provide a secure environment from 
which to verify files. Upon power-up or reset, the com- 
puter performs the power-on self test (POST), during 
which it checks a SAFESTART track by comparing its 
hash value to a value stored in NVRAM. If the integrity 

30 of the SAFESTART track is verified, the first "SAFE- 
START" routine is loaded into memory and executed. 
[0059] The SAFESTART routine first checks the mas- 
ter boot record and boot sectors of the hard disk. This 
verification captures a large majority of viruses and is 

35 performed before any code residing in those areas is 
executed, thus preventing the spread of any discovered 
viruses. Further checks are performed on SAFESTART 
files before each is executed. Eventually, system files 
and any additional designated user files are verified. 

40 Since the computer system was booted from an atypical 
partition, the drives are remapped to account for the shift 
in logical disk drive addressing. When the verification 
process is completed, SAFESTART files are cleaned 
up, a latch is set to prevent unauthorized modification 

45 of the initial hash values, and control is returned to the 
BIOS to boot the user operating system. Thus, a com- 
puter system implemented according to the SAFE- 
START patent insures that designated software and 
passwords are trustworthy following a power-up cycle. 

50 [0060] As shown in Figure 2A, when power to the 
computer system S is initially applied or the system un- 
dergoes a cold restart, the POWER-ON sequence 300 
is commenced. In the first step 302 of the POWER-ON 
sequence 200 the computer system S begins executing 

55 from BIOS ROM. The BIOS is preferably stored in flash 
ROM 154 and contains low level programming for boot- 
ing the operating system, and an interrupt handler for 
accessing the hard drive 140. Control then proceeds to 
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step 304 where the computer system S performs a pow- 
er-on self test (POST) to determine if all system hard- 
ware is operating properly. 

[0061] Following additional power-on steps (option- 
al), control next proceeds to step 306 for commence- 5 
ment of a secure power-up procedure such as that de- 
scribed in the SAFESTART patent. In the preferred em- 
bodiment, operating sequences for the secure power- 
up procedure are configured as an option ROM and lo- 
cated in the option ROM address space in a convention- 
al manner. Preferably, the operating sequences are pro- 
vided as the last option ROM in order to allow any other 
option ROM's to be installed at the outset. The system 
BIOS executes this portion of the secure power-on se- 
quence as a part of its scan for option ROMs, which are 
executed when encountered in POST. This arrange- 
ment requires address decoding for the power-on se- 
quence, but also simplifies distribution into a family of 
computer systems. Alternatively, the power-on se- 
quence could be implemented as a direct call from the 
BIOS, rather than an option ROM call. 
[0062] Control next proceeds to step 308 to determine 
if a token 188 containing an encryption algorithm is 
present. If the aforementioned presence detection cir- 
cuitry determines that a token is not present, control 
loops to step 310 to display a message requesting that 
the user provide a token 188. When a token 188 is 
present as determined in step 308, control passes to 
step 312 where the user is prompted to enter a plain text 
user password. As an alternative to a memorized value, 
the plain text password could be generated with the aid 
of biometrics. For example, a scanned fingerprint could 
be converted into a plain text password value. It is noted 
that the precise ordering of steps 308-312 is not consid- 
ered critical to the invention. 

[0063] Control next proceeds to step 314 of Figure 4B 
and the user password is encrypted using the encryption 
algorithm provided by the external token 188. The en- 
crypted plain text password effectively becomes the net- 
work password. The encryption algorithm that is utilized 
by the token 188 can take many forms, including DES, 
RSA, DSA, RC2, RC4, Blowfish, IDEA, 3-WAY, and 
MDC among others. Ideally, the algorithm in each token 
188 is enabled by an encryption key that is unique or of 
limited production, such that it is impractical or impossi- 
ble to circumvent the verification process by using a sub- 
stitute token. 

[0064] It is contemplated that the actual encryption 
process could be carried out by the token 188 itself. In 
this embodiment of the invention, the user password is 
transmitted to the token 1 88 through the RS232 connec- 
tor 146 or alternate connection port. The token 188 then 
performs the encryption function using its stored encryp- 
tion algorithm and associated encryption key. Following 
the encryption process, the encrypted password is re- 
turned to the computer system S via the RS232 connec- 
tor 146. 

[0065] In an alternate embodiment of the invention, 



the encryption algorithm is downloaded into computer 
memory. After the user password has been entered, the 
encryption function is then performed by the computer 
system S. In this embodiment of the invention, it is de- 
sirable that the encryption algorithm be erased from the 
computer memory after completion of the encryption 
process and while the computer system S is still in the 
secure power-on period. This step prevents the encryp- 
tion algorithm from being surreptitiously obtained from 
memory following the secure power-on period. 
[0066] Following creation of the network password, 
control proceeds to step 316 and optional node identifi- 
cation information (or a session key) is appended. As 
mentioned above, node identification information allows 
the network server 201 to determine which node is being 
utilized and grant access privileges accordingly. The op- 
tional node identification information can be appended 
prior to the encryption process of step 314. In either 
case, control next proceeds to step 318 and the network 
password and any appended node identification infor- 
mation are stored in secure memory such as SMM mem- 
ory 250. The network password could also be main- 
tained in protected/locked NVRAM or Flash ROM 154, 
or in some other secure memory such as that disclosed 
in the previously referenced US patent application serial 
no. 08/396343. Following this step, control proceeds to 
step 320 and the secure power-up procedure is contin- 
ued. 

[0067] It should be observed that in each of the em- 
bodiments of the invention described above, the user 
authentication or password verification process is two- 
piece in nature. If either the user password or the exter- 
nal token is misappropriated, it is of little value. Both 
pieces are required to generate the network password. 
In addition, the scope of the invention not considered to 
be limited to the disclosed secure power-up procedure. 
Likewise, the precise ordering of the power-up steps is 
not considered critical to the invention. 
[0068] In one alternate embodiment of the invention, 
the two-piece authentication process is conducted dur- 
ing normal computer operation outside of the secure 
power-on sequence. In this embodiment of the inven- 
tion, the user password is communicated to secure 
memory by means of a secure keyboard communica- 
tions channel such as that described in previously ref- 
erenced US patent application no. 08/657982. Briefly, a 
request for secure keyboard communications causes 
the computer's processor to enter into SMM. The SMI 
handler then directs specialized hardware to intercept 
and divert keyboard interrupts, such that data entered 
via the keyboard is only communicated to secure, non- 
readable memory. The secured keyboard communica- 
tions channel prevents the user's plain text password 
from being intercepted by malicious software code, such 
as a virus masquerading as a screen saver or device 
driver. 

[0069] Thus, a method has been described for permit- 
ting secure user authentication and remote peripheral 
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access based upon a two-piece user verification proc- 
ess. In the disclosed embodiment of the invention, the 
user verification process begins during a secure power- 
up procedure. At some point during the secure power- 
up procedure, the computer user is required to provide 
an external token or smart card. The token or smart card 
is used to store an encryption algorithm furnished with 
an encryption key that is unique or of limited production. 
The computer user is then required to enter a plain text 
user password. Once entered, the user password is en- 
crypted using the encryption algorithm contained in the 
external token to create a network password. When the 
network user desires to access a secured network re- 
source, the network password is then encrypted using 
the network server's public key before being communi- 
cated over the network. Once received by the server, 
the encrypted network password is decrypted using the 
server's public key. A user verification process is then 
performed on the network password to determine which, 
if any, access privileges have been accorded the net- 
work user. Optional node identification information can 
be appended to the network password to provide addi- 
tional levels of access. The two-piece nature of the au- 
thentication process assures that if either the user pass- 
word or the external token is stolen, it is of little value. 
Both pieces are required to access protected resources 
and uniquely identify a user to the network. 



Claims 

1. A method for securely authenticating user identity 
in a computer network including a network server 
(201) coupled to at least one network node (200a) 
capable of communicating with an external token 
(188) that includes a cryptographic algorithm and 
an encryption key (256), the network node (200a) 
further incorporating a secure power-up procedure 
or other secure operating mode, the method com- 
prising the steps of: 

providing a user password to the network node 
(200a); 

communicatively coupling the external token 
(188) to the network node (200a); 
providing the user password to the crypto- 
graphic algorithm stored in the token (1 88); and 
characterised by: 

encrypting the user password with the 
cryptographic algorithm and the encryption 
key (256) to produce a network password 
(254); 

communicating the network password 
(254) to the network server (201); and 
comparing the network password (254) or 
portions thereof to information maintained 
by the network server (201 ) in order to ver- 



ify user identity and/or determine network 
privileges accorded to the network pass- 
word (254). 

5 2. The method of claim 1 , further comprising the step 
of: 

enabling or blocking access to a secured net- 
work resource (21 6,21 8,220) in response to the 
10 result of said step of comparing the network 

password (254) to information maintained by 
the network server (201). 

3. The method of claim 1 , wherein said step of ena- 
15 bling or blocking access to a secured network re- 
source (216,218,220) comprises utilizing the net- 
work password (254) to govern the encryption and 
decryption of specified data maintained in the net- 
work server (201). 

20 

4. The method of claim 1 , wherein said step of provid- 
ing a user password to the network node (200a) is 
performed while the network node (200a) is in a se- 
cure period of operation. 

25 

5. The method of claim 4, wherein the secure period 
of operation includes a secure power-up procedure. 

6. The method of claim 1 , further comprising the steps 
30 of: 

prior to said step of communicating the network 
password (254) to the network server (201 ), en- 
crypting the network password (254) using a 
35 network public key (206a); and 

following said step of communicating the net- 
work password (254) to the network server 
(201), decrypting the network password (254) 
using a network private key (210) correspond- 
40 ing to the network public key (206a). 

7. The method of claim 1 , further comprising the step 
of appending node identification information (204a) 
to the network password (254) prior to communicat- 

45 jng the network password (254) to the network serv- 
er (201). 

8. The method of claim 7, wherein said step of com- 
paring the network password (254) or portions 

50 thereof to information maintained by the network 
server (201) includes limiting access to specified 
data based upon the network password (254) and 
appended node identification information (204a). 

55 9. The method of claim 1 , wherein said step of encrypt- 
ing the user password with the cryptographic algo- 
rithm and the encryption key (256) occurs in the to- 
ken (188). 
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10. The method of claim 1 , wherein said step of provid- 
ing the user password to the cryptographic algo- 
rithm comprises downloading both the cryptograph- 
ic algorithm and the user password to secure com- 
puter memory, and wherein said step of encrypting 
the user password with the cryptographic algorithm 
and the encryption key (256) occurs in secure com- 
puter memory. 

1 1 . The method of claim 1 , wherein the network pass- 
word (254) is maintained in secure memory space 
(SMM) within the network node (200a). 

12. The method of claim 1, wherein the token (188) is 
a smart card. 

13. The method of claim 1, wherein the token (188) is 
a Touch Memory™ device. 

14. The method of claim 1, wherein the encryption key 
(256) is unique or of limited production. 

15. A computer system (S) capable of securely provid- 
ing two-piece user authentication data over a com- 
puter network, the computer system (S) having a 
secure power-on process or other secure operating 
mode, the computer system (S) comprising: 

a system bus (HB); 

a processor (102) coupled to said system bus 
(HB); 

token interface circuitry coupled to said proces- 
sor (1 02) for communicating with an external to- 
ken (188); 

network interface circuitry allowing said proc- 
essor (102) to direct communications to a net- 
work server (201); and characterised by 
means for operating in conjunction with the ex- 
ternal token (188) containing a cryptographic 
algorithm and an encryption key (256), and 
security code stored in a processor readable 
medium comprising: 

means for receiving a user password; 
means for providing the user password to 
the external token (188); 
means for receiving a network password 
(254) from the external token (1 88), where- 
in the network password (254) is the user 
password encrypted with said crypto- 
graphic algorithm and said encryption key 
(256); and 

means for communicating the network 
password (254) to the network server (201 ) 
via said network interface circuitry in order 
to allow the computer user to access se- 
cured network resources (216,218,220). 



16. The computer system (S) of claim 15, wherein said 
security code is executed while the computer sys- 
tem (S) is in a secure operating mode. 

5 17. The computer system (S) of claim 15, wherein said 
secure operating mode is a secure power-on pro- 
cedure. 

18. The computer system (S) of claim 15, wherein said 
10 security code further causes said processor to en- 
crypt the network password using the network serv- 
er's public key prior to said step of communicating 
the network password to the network server. 

15 19. The computer system (S) of claim 15, wherein said 
security code further causes said processor (102) 
to append node identification information (204a) to 
the network password (254) prior to said step of 
communicating the network password (254) to the 

20 network server (20 1 ). 

20. The computer system (S) of claim 15, wherein the 
external token (188) is a smart card. 

25 21. The computer system (S) of claim 15, wherein the 
external token (188) is a Touch Memory™ device. 

22. The computer system (S) of claim 15, wherein the 
encryption key (256) is unique or of limited produc- 
30 tion. 



Patentanspruche 

35 1 . Verfahren zur gesicherten Authentifizierung der Be- 
nutzeridentitat in einem Rechnernetz, das einen 
Netzwerk-Server(201) umfasst, dermitwenigstens 
einem Netzwerkknoten (200a) gekoppelt ist und in 
der Lage ist, mit einem auReren Token (188) zu 

to kommunizieren, das einen kryptografischen Algo- 
rithmus und einen Verschlusselungsschlussel 
(256) umfasst, wobei der Netzwerkknoten (200a) 
aufterdem eine sichere Hochfahrprozedur oder ei- 
nen sonstigen sicheren Betriebsmodus umfasst, 

45 wobei das Verfahren folgende Schritte umfasst: 

Bereitstellen eines Benutzerpasswortes fur 
den Netzwerkknoten (200a); 

50 - kommunikatives Koppeln des aufieren Tokens 
(188) mit dem Netzwerkknoten (200a); 

Bereitstellen des Benutzerpasswortes fur den 
in dem Token (188) gespeicherten kryptografi- 
55 schen Algorithmus; und gekennzeichnet 

durch 

- Verschlusseln des Benutzerpasswortes mit 
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dem kryptografischen Algorithmus und dem 7. 
Verschliisselungsschlussel (256), urn ein Netz- 
werkpasswort (254) zu erzeugen; 

Weitergeben des Netzwerkpasswortes (254) 5 
an den Netzwerk-Server (201); und 

8. 

Vergleichen des Netzwerkpasswortes (254) 
Oder von Teilen davon mit den von dem Netz- 
werk-Server (201) verwalteten Informationen, 10 
um die Benutzeridentitat zu uberpriifen bzw. 
dem Netzwerkpasswort (254) gewahrte Netz- 
werkprivilegien zu bestimmen. 



Verfahren nach Anspruch 1, das zusatzlich den 
Schritt des Anhangens von Knotenidentifizierungs- 
informationen (204a) an das Netzwerkpasswort 
(254) umfasst, bevor das Netzwerkpasswort (254) 
an den Netzwerk-Server (201 ) weitergegeben wird. 

Verfahren nach Anspruch 7, wobei der Schritt, bei 
dem das Netzwerkpasswort (254) oder Teile davon 
mit von dem Netzwerk-Server (201) verwalteten In- 
formationen verglichen werden, das Beschranken 
des Zugriffs auf spezifizierte Daten anhand des 
Netzwerkpasswortes (254) und von Knotenidentifi- 
zierungsinformationen (204a) umfasst. 



2. Verfahren nach Anspruch 1 , zusatzlich folgenden 
Schritt umfassend: 

Ermoglichen oder Blockieren des Zugriffs auf 
eine gesicherte Netzwerkausstattung (216, 
218, 220) als Reaktion auf das Ergebnis aus 
dem Schritt des Vergleichens des Netzwerk- 
passwortes (254) mit den von dem Netzwerk- 
Server (201) verwalteten Informationen. 

3. Verfahren nach Anspruch 1, wobei der Schritt, den 
Zugriff auf eine gesicherte Netzwerkausstattung 
(216, 218, 220) zu ermoglichen oderzu blockieren, 
das Verwenden des Netzwerkpasswortes (254) 
umfasst, um die Verschlusselung und Entschlusse- 
lung von spezifizierten Daten zu regeln, die von 
dem Netzwerk-Server (201) verwaltet werden. 

4. Verfahren nach Anspruch 1, wobei der Schritt, ein 
Benutzerpasswort fur den Netzwerkknoten (200a) 
bereitzustellen, durchgefuhrt wird, wahrend sich 
der Netzwerkknoten (200a) in einem sicheren Be- 
triebszeitraum befindet. 

5. Verfahren nach Anspruch 4, wobei der sichere Be- 
triebszeitraum eine sichere Hochfahrprozedur um- 
fasst. 

6. Verfahren nach Anspruch 1, zusatzlich folgende 
Schritte umfassend: 



15 9. Verfahren nach Anspruch 1, wobei der Schritt des 
Verschlusselns des Benutzerpasswortes mit dem 
kryptografischen Algorithmus und dem Verschlus- 
selungsschlussel (256) in dem Token (188) ge- 
schieht. 

20 

10. Verfahren nach Anspruch 1, wobei der Schritt, bei 
dem das Benutzerpasswort fur den kryptografi- 
schen Algorithmus bereitgestellt wird, das Herun- 
terladen sowohl des kryptografischen Algorithmus 

25 als auch des Benutzerpasswortes in sicheren 
Rechnerspeicher umfasst und der Schritt des Ver- 
schlusselns des Benutzerpasswortes mit dem kryp- 
tografischen Algorithmus und dem Verschlusse- 
lungsschlussel (256) in sicherem Rechnerspeicher 

30 geschieht. 

11. Verfahren nach Anspruch 1, wobei das Netzwerk- 
passwort (254) auf sicherem Speicherplatz (SMM) 
innerhalb des Netzwerkknotens (200a) verwaltet 

35 wird. 

12. Verfahren nach Anspruch 1 , wobei das Token (188) 
eine intelligente Chip-Karte ist. 

40 13. Verfahren nach Anspruch 1, wobei das Token (188) 
eine Touch Memory ™-Vorrichtung ist. 

14. Verfahren nach Anspruch 1, wobei der Verschlus- 
selungsschliisse! (256) eindeutig oder von be- 

45 schrankter Erzeugung ist. 

15. Rechnersystem (S), das in der Lage ist, gesichert 
zweiteilige Benutzer-Authentifizierungsdaten uber 
ein Rechnernetzwerk bereitzustellen, wobei das 

sicheren Einschalt- 
i Betriebsmodus auf- 
n (S) Folgendes um* 



vor dem Schritt des Weitergebens des Netz- 
werkpasswortes (254) an den Netzwerk-Server 
(201) Verschlusseln des Netzwerkpasswortes 
(254) unter Verwendung eines offentlichen 
Netzwerkschlussels (206a); und 

nach dem Schritt des Weitergebens des Netz- 
werkpasswortes (254) an den Netzwerk-Server 
(201) Entschliisseln des Netzwerkpasswortes 
(254) unter Verwendung eines dem offentli- 
chen Netzwerkschlussel (206a) entsprechen- 
den privaten Netzwerkschlussels (210). 



50 Rechnersystem (S) einen 
prozess oder einen sonstigen 
weist und das Rechnersysten 
fasst: 

55 - einen Systembus (HB); 



einen mit dem Systembus (HB) gekoppelten 
Prozessor (102); 



11 



21 



EP 0 851 335 B1 



22 



eine mit dem Prozessor (102) gekoppelte To- 
ken-Schnittstellenschaltung zum Kommunizie- 
ren mit einem aufieren Token (188); 

Netzwerkschnittstellenschaltung, die es dem 
Prozessor (102) ermoglicht, Mitteilungen an ei- 
nen Netzwerk-Server (201) zu richten; und ge- 
kennzeichnet durch 

Einrichtungen zum Betrieb in Verbindung mit 
dem aufieren Token (188), das einen krypto- 
grafischen Algorithmus und einen Verschlusse- 
lungsschlussel (256) umfasst; und 

Sicherheitscode, der in einem von einem Pro- 
zessor lesbaren Medium gespeichert ist, um- 
fassend: 

Einrichtungen zum Empfangen eines Be- 
nutzerpasswortes; 

Einrichtungen zum Bereitstellen des Be- 
nutzerpasswortes fur das auftere Token 
(188); 

Einrichtungen zum Empfangen des Netz- 
werkpasswortes (254) von dem aufceren 
Token (188), wobei das Netzwerkpasswort 
(254) das mit dem kryptografischen Algo- 
rithmus und dem Verschlusselungsschlus- 
sel (256) verschliisselte Benutzerpasswort 
ist; und 

Einrichtungen zum Weitergeben des Netz- 
werkpasswortes (254) an den Netzwerk- 
Server (201) uber die Netzwerkschnittstel- 
lenschaltung, urn dem Rechnerbenutzer 
den Zugriff auf gesicherte Netzwerkaus- 
stattungen(216,218,220)zu ermoglichen. 

16. Rechnersystem (S) nach Anspruch 15, wobei der 
Sicherheitscode ausgefuhrt wird, wahrend sich das 
Rechnersystem (S) in einem sicheren Betriebsmo- 
dus befindet. 

17. Rechnersystem (S) nach Anspruch 15, wobei der 
sichere Betriebsmodus eine sichere Einschalt- 
prozedur ist. 

18. Rechnersystem (S) nach Anspruch 15, wobei der 
Sicherheitscode aufterdem den Prozessor veran- 
lasst, vor dem Schritt des Weitergebens des Netz- 
werkpasswortes an den Netzwerk-Server das Netz- 
werkpasswort unter Verwendung des offentlichen 
Schlussels des Netzwerks zu verschlusseln. 

19. Rechnersystem (S) nach Anspruch 15, wobei der 
Sicherheitscode aufierdem den Prozessor (102) 



veranlasst, vor dem Schritt des Weitergebens des 
Netzwerkpasswortes (254) an den Netzwerk-Ser- 
ver (201) Knotenidentifizierungsinformationen 
(204a) an das Netzwerkpasswort (254) anzuhan- 
5 gen. 

20. Rechnersystem (S) nach Anspruch 15, wobei das 
Token (188) eine intelligente Chip-Karte ist. 

10 21. Rechnersystem (S) nach Anspruch 15, wobei das 
Token (188) eine Touch Memory™ -Vorrichtung ist. 

22. Rechnersystem (S) nach Anspruch 15, wobei der 
Verschlusselungsschlussel (256) eindeutig oder 
15 von beschrankter Erzeugung ist. 



Revendications 

20 1. Un procede pour authentifier de maniere sure une 
identite d'utilisateurdans un reseau informatique in- 
cluant un serveur de reseau (201) couple a au 
moins un noeud de reseau (200a) capable de com- 
muniquer avec un jeton externe (188) qui comporte 

25 un algorithme cryptographique et une cle de chiffre- 
ment (256), le noeud de reseau (200a) comportant 
en outre une procedure de mise sous tension secu- 
risee ou un autre mode de fonctionnement securi- 
se, le procede comprenant les etapes suivantes : 

30 

on fournit un mot de passe d'utilisateur au 
noeud de reseau (200a); 
on couple pour la communication le jeton ex- 
terne (188) au noeud de reseau (200a); 
35 on fournit le mot de passe d'utilisateur a I'algo- 

rithme cryptographique stocke dans le jeton 
(188); et caracterise par les etapes suivantes: 

on chiffre le mot de passe d'utilisateur avec 
40 Palgorithme cryptographique et la cle de 

chiffrement (256) pour produire un mot de 
passe de reseau (254); 
on communique le mot de passe de reseau 
(254) a un serveur de reseau (201); et 
45 on compare le mot de passe de reseau 

(254) ou des parties de celui-ci avec une 
information conservee par le serveur de re- 
seau (201 ), afin de verifier I'identite de I'uti- 
lisateur etlou de determiner des privileges 
50 de reseau accordes au mot de passe de 

reseau (254). 

2. Le procede selon la revendication 1, comprenant 
en outre I'etape suivante : 

55 

on accorde ou on bloque I'acces a une ressour- 
ce de reseau securisee (216, 218, 220) en re- 
ponse au resultat de I'etape de comparaison du 
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mot de passe de reseau (254) avec de I'infor- 
mation conservee par le serveur de reseau 
(201). 

3. Le procede selon la revendication 1, dans lequel 
I'etape d'accord ou de blocage de I'acces a une res- 
source de reseau securisee (216, 218, 220) com- 
prend rutilisation du mot de passe de reseau (254) 
pour piloter le chiffrement et le dechiffrement de 
donnees specifiees conservees dans le serveur de 
reseau (201). 

4. Le procede selon la revendication 1, dans lequel 
I'etape de fourniture d'un mot de passe d'utilisateur 
au noeud de reseau (200a) est accomplie pendant 
que le noeud de reseau (200a) est dans une perio- 
de de fonctionnement securisee. 

5. Le procede selon la revendication 4, dans lequel la 
periode de fonctionnement securisee comprend 
une procedure de mise sous tension securisee. 

6. Le procede selon la revendication 1 , comprenant 
en outre les etapes suivantes : 

avant I'etape de communication du mot de pas- 
se de reseau (254) au serveur de reseau (201), 
on chiffre le mot de passe de reseau (254) en 
utilisant une cle publique de reseau (206a); et 
a la suite de I'etape de communication du mot 
de passe de reseau (254) au serveur de reseau 
(201), on dechiffre le mot de passe de reseau 
(254) en utilisant une cle privee de reseau (210) 
correspondant a la cle publique de reseau 
(206a). 

7. Le procede selon la revendication 1 , comprenant 
en outre I'etape consistant a annexer une informa- 
tion d'identification de noeud (204a) au mot de pas- 
se de reseau (254) avant de communiquer le mot 
de passe de reseau (254) au serveur de reseau 
(201). 

8. Le procede selon la revendication 7, dans lequel 
I'etape de comparaison du mot de passe de reseau 
(254) ou de parties de celui-ci avec une information 
conservee par le serveur de reseau (201 ) comprend 
la limitation de I'acces a des donnees specifiees, 
sur la base du mot de passe de reseau (254) et de 
reformation d'identification de noeud (204a) an- 
nexee. 

9. Le procede selon la revendication 1, dans lequel 
I'etape de chiffrement du mot de passe d'utilisateur 
avec I'algorithme cryptographique et la cle de chif- 
frement (256) a lieu dans le jeton (188). 

10. Le procede selon la revendication 1, dans lequel 



I'etape consistant a fournir le mot de passe d'utili- 
sateur a I'algorithme cryptographique comprend le 
telechargement a la fois de I'algorithme cryptogra- 
phique et du motde passe d'utilisateur vers une me- 
5 moire d'ordinateur securisee, et dans lequel I'etape 
de chiffrement du mot de passe d'utilisateur avec 
I'algorithme cryptographique et la cle de chiffrement 
(256) a lieu dans la memoire d'ordinateur securisee. 

10 1 1 . Le procede selon la revendication 1 , dans lequel le 
mot de passe de reseau (254) est conserve dans 
un espace de memoire securise (SMM) a I'interieur 
du noeud de reseau (200a). 

is 12. Le procede selon la revendication 1, dans lequel le 
jeton (188) est une carte a microprocesseur. 

13. Le procede selon la revendication 1, dans lequel le 
jeton (188) est un dispositif Touch Memory (marque 

20 deposee). 

14. Le procede selon la revendication 1, dans lequel la 
cle de chiffrement (256) est unique ou produite en 
quantite limitee. 

25 

1 5. Un systeme d'ordinateur (S) capable de fournir ma- 
niere sure des donnees d'authentification d'utilisa- 
teur en deux parties, sur un reseau informatique, le 
systeme d'ordinateur (S) ayant un processus de mi- 

30 se sous tension securise ou un autre mode de fonc- 
tionnement securise, le systeme d'ordinateur (S) 
comprenant : 

un bus de systeme (HB); 
35 un processeur (1 02) couple au bus de systeme 

(HB); 

un circuit d'interface de jeton couple au proces- 
seur ( 1 02) pour communiquer avec un jeton ex- 
terne (188); 

40 un circuit d'interface de reseau permettant au 

processeur (102) de dinger des communica- 
tions vers un serveur de reseau (201); et ca- 
racterise par 

un moyen prevu pour fonctionner en associa- 
45 tion avec le jeton externe (188), contenant un 

algorithme cryptographique et une cle de chif- 
frement (256), et 

un code de securite stocke sur un support lisi- 
ble par processeur, comprenant : 

50 

un moyen pour recevoir un mot de passe 
d'utilisateur; 

un moyen pour fournir le mot de passe 
d'utilisateur au jeton externe (188) 
55 un moyen pour recevoir un mot de passe 

de reseau (254) provenant du jeton exter- 
ne (188), le mot de passe de reseau (254) 
etant chiffre avec I'algorithme cryptogra- 



30 



35 



40 



45 



50 



13 



25 



EP 0 851 335 B1 



phique et la cle de chiffrement (256); et 
un moyen pour communiquer le mot de 
passe de reseau (254) au serveur de re- 
seau (201) par I'intermediaire du circuit 
d' interface de reseau, afin de permettre a 5 
rutilisateur de Pordinateur d'acceder a des 
ressources de reseau securisees (216, 
218, 220). 

16. Le systeme d'ordinateur (S) selon la revendication 10 
1 5, dans lequel le code de securite est execute pen- 
dant que le systeme d'ordinateur (S) est dans un 
mode de fonctlonnement securise. 

17. Le systeme d'ordinateur (S) selon la revendication is 
15, dans lequel le mode de fonctionnement securi- 
se est une procedure de mise sous tension securi- 
see. 

18. Le systeme d'ordinateur (S) selon la revendication 20 
15, dans lequel le code de securite commande en 
outre au processeur de chiffrer le mot de passe de 
reseau en utilisant la cle publique du serveur de re- 
seau, avant I'etape de communication du mot de 
passe de reseau au serveur de reseau. 25 

19. Le systeme d'ordinateur (S) de la revendication 15, 
dans lequel le code de securite commande en outre 
au processeur (102) d'annexer une information 
d'identification de noeud (204a) au mot de passe 30 
de reseau (254), avant I'etape de communication 

du mot de passe de reseau (254) au serveur de re- 
seau (201). 

20. Le systeme d'ordinateur (S) de la revendication 1 5, 35 
dans lequel le jeton externe (188) est une carte a 
microprocesseur. 

21. Le systeme d'ordinateur (S) de la revendication 1 5, 
dans lequel le jeton externe (188) est un dispositif *o 
Touch Memory (marque deposee). 

22. Le systeme d'ordinateur (S) selon la revendication 
15, dans lequel la cle de chiffrement (256) est uni- 
que ou produite en quantite limitee. 45 
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